I have a feeling I’m missing something, but if all you want to do is
generate obfuscated URLs, why not just the the SHA1-hash of a string
consisting of the “real” url and the user’s name? You can store the
generated urls in the server-side user-session so you don’t have to do any
is there a way to de-sha1 these hashed results to get the original data?
and to do the shash with a specific key?
all i could find was:
res = Digest::SHA1.hexdigest(str)
whats the reverse of this,
and where is the key from?
we need to pass URLs back and forth from a ruby site to a PHP site. so
i was looking for a reasonably easy algorithm that would work for
both. I’ve had problems with blowfish on PHP giving different results
on different OSs. So i dont really want to risk something more obscure
given such different environments.
this is also for a mobile phone service where we reliably can get a
uniqueID per user.
we need to prevent people forwarding URLs which is why we need to key
off the uniqueID
but I need to be able to go both ways, given the key. eg:
I can then decode this + with the users ID/key + send them on their way,
and also pack up URLs to send ppl back to the php page.
other suggestions are to put all the URLs in a DB + then check against
the userID/urlID key etc but i want to avoid DB access.